"Fossies" - the Fresh Open Source Software Archive
Member "sleuthkit-4.7.0/tsk/docs/cpp.dox" (11 Oct 2019, 2413 Bytes) of package /linux/privat/sleuthkit-4.7.0.tar.gz:
As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard
) with prefixed line numbers.
Alternatively you can here view
the uninterpreted source code file.
For more information about "cpp.dox" see the Fossies "Dox" file reference
1 /*! \page cpppage C++ Classes
3 This section provides a high-level overview of the C++ classes that
4 wrap around the C structs and functions. The C++ interface can be
5 used when the rest of your program is in C++ and when you want to
6 ensure that the proper locks and thread-safe mechanisms are used
7 in a multi-threaded environment. TSK contains locks to make it
8 thread safe, but the C interface allows a thread to modify data in
9 a shared structure without obtaining the proper lock.
11 Note that the C++ interfaces simply create and use C structs behind
12 the scenes. Therefore, the methods are very similar to the C
13 functions. References to the C++ classes were given in earlier
14 sections of the User's Guide. It is assumed that the user has read
15 the preceding sections of the User's Guide to get an understanding of
16 what TSK is capable of doing. This section provides references and links
17 to the main C++ classes.
20 \section cpp_basics Basics
21 The first step is to open the image with the TskImgInfo class. This class allows you to read from the disk image. See \ref imgpage for details on the C structs and functions at this layer.
23 After the image is open, you can determine the volume system of the image using the TskVsInfo class. It will detect the volume system and provide access to each volume (or partition). The TskVsPartInfo class provides references to the details of each partition. See \ref vspage for details on the C structs and functions at this layer.
25 Now that you know the layout of the image, you can open each volume to see what file system it has inside. Use the TskFsInfo class for this. Once you have the file system open, there are many ways to analyze the file system contents. The TskFsBlock class provides access to each block in the file system. The TskFsDir class provides access to each directory and the TskFsFile class provides access to each file. From there, you can access all of the details of the file, including its name info (in TskFsFile) and metadata (in TskFsMeta). Access to all of the file's attributes are provided via the TskFsAttribute class. See \ref fspage for details on the C structs and functions at this layer.
27 If you want to automate the entire process and not deal with manually detecting volumes and file systems, consider the TskAuto class. See \ref autopage for more automation details.
29 Back to \ref users_guide "Table of Contents"